Alevsk

- hosts: "{{ HOSTS }}"
  name: Install and configure podman and podman-compose
  become: yes
  tasks:
    - name: Installing podman and podman-compose
      ansible.builtin.apt:
        name:
          - podman
          - podman-compose
        state: latest

Alevsk

---------------------------------------------------------------

[VulnerabilityType Other]

Remote Command Execution (RCE)

---------------------------------------------------------------

[Affected Component]

Alevsk

- hosts: "{{ HOSTS }}"
  name: Rotate credentials
  become: yes
  vars:
    root_password: "{{ lookup('pipe', 'op item get \"root user\" --fields password') }}"
    user_password: "{{ lookup('pipe', 'op item get \"regular user\" --fields password') }}"
  tasks:
    - name: change user password
      no_log: True
      ansible.builtin.user:

Alevsk

- hosts: "{{ HOSTS }}"
  name: Install authentication keys and certificates
  become: yes
  tasks:

    - name: install public keys
      register: pub_keys_installed
      ansible.posix.authorized_key:
        exclusive: yes
        user: "{{ ansible_user }}"

Alevsk

- hosts: "{{ HOSTS }}"
  name: Install Docker
  become: yes
  vars:
    docker_group: docker
  tasks:
    - name: Install apt-transport-https
      ansible.builtin.apt:
        name:
          - apt-transport-https

Alevsk

#!/bin/sh
node=${1}
if [ -n "${node}" ]; then
    nodeSelector='"nodeSelector": { "kubernetes.io/hostname": "'${node:?}'" },'
else
    nodeSelector=""
fi
set -x
kubectl run ${USER+${USER}-}sudo --restart=Never -it \
    --image overriden --overrides '

Alevsk

package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"encoding/base64"

Alevsk

Keybase proof

I hereby claim:

• I am alevsk on github.
• I am alevsk (https://keybase.io/alevsk) on keybase.
• I have a public key ASBoNZUOO7tZVhnH3TLpVV1-Clcy18vFHjpsxSmv-qzTTwo

To claim this, I am signing this object: